Hi there,
I'm using a static NAT (overload) to map a subnet of private addresses to a single routable IP.
However, from the "outside" (from the PIX) I would like to be able to ping/connect to the invidual private addresses. The static routes are there, but when I ping them, the ping is returned from the Routeable IP, not the private so it fails.
eg ->
------------------------
203.203.203.1 Cisco PIX 203.203.204.1----------------------- | | |
-----------------------
203.203.204.2 192.168.0.1 (secondary addr for wireless net)Cisco 2610
----------------------
Pinging 192.168.0.1 (2610) from 203.203.204.1 (PIX) ->
ping intf2 192.168.205.1
624: ICMP echo request (len 32 id 9233 seq 0) 203.203.204.1 > 192.168.0.1 625: ICMP echo reply (len 32 id 9233 seq 0) 203.203.204.2 > 203.203.204.1interface FastEthernet0/0 ip address 192.168.0.1 255.255.255.0 secondary ip address 203.203.204.2 255.255.255.0 ip nat inside ip policy route-map set-default duplex auto speed auto no cdp enable hold-queue 256 in
ip nat pool no-overload 203.203.204.2 203.203.204.2 prefix-length 24 ip nat inside source list 7 pool no-overload no ip http server ip classless ip route 0.0.0.0 0.0.0.0 ip route 192.168.0.0 255.255.255.0 203.203.204.1
access-list 7 permit 192.168.0.0 0.0.0.255 dialer-list 1 protocol ip permit no cdp run route-map set-default permit 10 match ip address 7 set ip next-hop 203.203.204.1
So is there a way to exclude the NAT for my PIX subnet (have even tried setting up 192.168.0.3 on a PIX interface with static routes to and from 2610 but no luck there either)
I need to be able to ping/monitor hosts in the 192.168.0.0 subnet but also allow them all internet access with the NAT overload.
Apologies for lack of detail, I'm no expert but fully appreciate any advice on better ways to achieve this aim, The PIX and 2610 are about
40kms apart so am trying to find a way to monitor the 192.168.0.0 hosts from the PIX end (my office) rather than installing servers on the remote end.Cheers,
Dylan.